Abstract. Trace slicing is a widely used technique for execution trace analysis that is effectively used in program debugging, analysis and comprehension. In this paper, we present a backward trace slicing technique that can be used for the analysis of Rewriting Logic theories. Our trace slicing technique allows us to systematically trace back rewrite sequences modulo equational axioms (such as associativity and commutativity) by means of an algorithm that dynamically simplifies the traces by detecting control and data dependencies, and dropping useless data that do not influence the final result. Our methodology is particularly suitable for analyzing complex, textually-large system computations such as those delivered as counter-example traces by Maude model-checkers.

1 Introduction 

The analysis of execution traces plays a fundamental role in many program 
manipulation techniques. Trace slicing is a technique for reducing the size of 
traces by focusing on selected aspects of program execution, which makes it 
suitable for trace analysis and monitoring [5]. 

Rewriting Logic (RWL) is a very general logical and semantic framework, which is particularly suitable for formalizing highly concurrent, complex systems (e.g., biological systems [5,21] and Web systems [2,4]). RWL is efficiently implemented in the high-performance system Maude [10]. Roughly speaking, a rewriting logic theory seamlessly combines a term rewriting system (TRS) together with an equational theory that may include sorts, functions, and algebraic laws (such as commutativity and associativity) so that rewrite steps are applied modulo the equations. Within this framework, the system states are typically represented as elements of an algebraic data type that is specified by the equational theory, while the system computations are modeled via the rewrite rules, which describe transitions between states.

Due to the many important applications of RWL, in recent years, the debugging and optimization of RWL theories have received growing attention [1,19,20]. However, the existing tools provide hardly any support for execution trace analysis. The original motivation for our work was to reduce the size of the counterexample traces delivered by Web-TLR, which is a RWL-based model-checking tool for Web applications proposed in [2,4]. As a matter of fact, the analysis (or even the simple inspection) of such traces may be unfeasible because of the size and complexity of the traces under examination. Typical counterexample traces in Web-TLR are 75 Kb long for a model size of 1.5 Kb, that is, the trace is in a ratio of 5.000% w.r.t. the model.

To the best of our knowledge, this paper presents the first trace slicing technique for RWL theories. The basic idea is to take a trace produced by the RWL engine and traverse and analyze it backwards to filter out events that are irrelevant for the rewritten task. The trace slicing technique that we propose is fully general and can be applied to optimizing any RWL-based tool that manipulates rewrite logic traces. Our technique relies on a suitable mechanism of backward tracing that is formalized by means of a procedure that labels the calls (terms) involved in the rewrite steps. This allows us to infer, from a term $t$ and positions of interest on it, positions of interest of the term that was rewritten to $t$. Our labeling procedure extends the technique in [B], which allows descendants and origins to be traced in orthogonal (i.e., left-linear and overlap-free) term rewriting systems in order to deal with rewrite theories that may contain commutativity/associativity axioms, as well as nonleft-linear, collapsing equations and rules. As in dynamic tracing [14,22], our definition of labeling uses a relation on contexts derived from the reduction relation on terms, where the symbols in the left-hand side of a rule propagate to all symbols of its right-hand side. This labeling relation allows us to make precise the dynamic dependence of function symbols occurring in the terms of a reduction sequence on symbols in previous terms in that sequence [14].

Plan of the paper. Section 2 summarizes some preliminary definitions and notations about term rewriting systems. In Section 3 we recall the essential notions concerning rewriting modulo equational theories. Section 4 describes the main kinds of labeling and tracing in term rewrite systems. In Section 5 we formalize our backward trace slicing technique for elementary rewriting logic theories. Section 6 extends the trace slicing technique of Section 5 by considering extended rewrite theories, i.e., rewrite theories that may include collapsing, nonleft-linear rules, associative/commutative equational axioms, and built-in operators. Section 7 describes a software tool that implements the proposed backward slicing technique and reports on an experimental evaluation of the tool that allows us to assess the practical advantages of the trace slicing technique. In Section 8 we discuss some related work and then we conclude. Proofs of the main technical results can be found in the Appendix.
2 Preliminaries

A many-sorted signature $(\Sigma, S)$ consists of a set of sorts $S$ and a $S^* \times S$-indexed family of sets $\Sigma = \{\Sigma_{\bar{s} \times s}\}_{(\bar{s},s) \in S^* \times S}$, which are sets of function symbols (or operators) with a given string of argument sorts and result sort. Given an $S$-sorted set $\mathcal{V} = \{\mathcal{V}_s \mid s \in S\}$ of disjoint sets of variables, $T_\Sigma(\mathcal{V})_s$ and $T_{\Sigma s}$ are the sets of terms and ground terms of sorts $s$, respectively. We write $T_\Sigma(\mathcal{V})$ and $T_\Sigma$ for the corresponding term algebras. An equation is a pair of terms of the form $s = t$, with $s, t \in T_\Sigma(\mathcal{V})_s$. In order to simplify the presentation, we often disregard sorts when no confusion can arise.

Terms are viewed as labelled trees in the usual way. Positions are represented by sequences of natural numbers denoting an access path in a term. The empty sequence $\Lambda$ denotes the root position. By $root(t)$, we denote the symbol that occurs at the root position of $t$. We let $\mathcal{P}os(t)$ denote the set of positions of $t$. By notation $w_1.w_2$, we denote the concatenation of positions (sequences) $w_1$ and $w_2$. Positions are ordered by the prefix ordering, that is, given the positions $w_1, w_2$, $w_1 \leq w_2$ if there exists a position $x$ such that $w_1.x = w_2$. $t|_u$ is the subterm at the position $u$ of $t$. $t[r]_u$ is the term $t$ with the subterm rooted at the position $u$ replaced by $r$. A substitution $\sigma$ is a mapping from variables to terms $\{x_1/t_1, \ldots, x_n/t_n\}$ such that $x_i\sigma = t_i$ for $i = 1, \ldots, n$ (with $x_i \neq x_j$ if $i \neq j$), and $x\sigma = x$ for any other variable $x$. By $\varepsilon$, we denote the empty substitution. Given a substitution $\sigma$, the domain of $\sigma$ is the set $Dom(\sigma) = \{x \mid x\sigma \neq x\}$. By $\mathcal{V}ar(t)$ (resp. $FSymbols(t)$), we denote the set of variables (resp. function symbols) occurring in the term $t$.

A context is a term $\gamma \in T_{\Sigma \cup \{\Box\}}(\mathcal{V})$ with zero or more holes $\Box$ (see footnote 1), and $\Box \notin \Sigma$. We write $\gamma[\ ]_u$ to denote that there is a hole at position $u$ of $\gamma$. By notation $\gamma[\ ]$, we define an arbitrary context (where the number and the positions of the holes are clarified in situ), while we write $\gamma[t_1, \ldots, t_n]$ to denote the term obtained by filling the holes appearing in $\gamma[\ ]$ with terms $t_1, \ldots, t_n$. By notation $t^\Box$, we denote the context obtained by applying the substitution $\sigma = \{x_1/\Box, \ldots, x_n/\Box\}$ to $t$, where $\mathcal{V}ar(t) = \{x_1, \ldots, x_n\}$ (i.e., $t^\Box = t\sigma$).

A term rewriting system (TRS for short) is a pair $(\Sigma, R)$, where $\Sigma$ is a signature and $R$ is a finite set of reduction (or rewrite) rules of the form $\lambda \to \rho$, $\lambda, \rho \in T_\Sigma(\mathcal{V})$, $\lambda \notin \mathcal{V}$ and $\mathcal{V}ar(\rho) \subseteq \mathcal{V}ar(\lambda)$. We often write just $R$ instead of $(\Sigma, R)$. A rewrite step is the application of a rewrite rule to an expression. A term $s$ rewrites to a term $t$ via $r \in R$, $s \to^r_R t$ (or $s \to^r t$), if there exists a position $q$ in $s$ such that $\lambda$ matches $s|_q$ via a substitution $\sigma$ (in symbols, $s|_q = \lambda\sigma$), and $t$ is obtained from $s$ by replacing the subterm $s|_q = \lambda\sigma$ with the term $\rho\sigma$, in symbols $t = s[\rho\sigma]_q$. The rule $\lambda \to \rho$ (or equation $\lambda = \rho$) is collapsing if $\rho \in \mathcal{V}$; it is left-linear if no variable occurs in $\lambda$ more than once. We denote the transitive and reflexive closure of $\to$ by $\to^*$.

Let $r : \lambda \to \rho$ be a rule. We call the context $\lambda^\Box$ (resp. $\rho^\Box$) redex pattern (resp. contractum pattern) of $r$. For example, the context $f(g(\Box,\Box), a)$ (resp. $d(s(\Box),\Box)$) is the redex pattern (resp. contractum pattern) of the rule $r : f(g(x,y),a) \to d(s(y),y)$, where $a$ is a constant symbol.

Footnote 1: Actually, when considering types, we assume to have a distinct $\Box_s$ symbol for each sort $s \in S$, and by abuse we simply denote $\Box_s$ by $\Box$.

3 Rewriting Modulo Equational Theories 

An equational theory is a pair $(\Sigma, E)$, where $\Sigma$ is a signature and $E = \Delta \cup B$ consists of a set of (oriented) equations $\Delta$ together with a collection $B$ of equational axioms (e.g., associativity and commutativity axioms) that are associated with some operator of $\Sigma$. The equational theory $E$ induces a least congruence relation on the term algebra $T_\Sigma(\mathcal{V})$, which is usually denoted by $=_E$.

A rewrite theory is a triple $\mathcal{R} = (\Sigma, E, R)$, where $(\Sigma, E)$ is an equational theory, and $R$ is a TRS. Examples of rewrite theories can be found in [10].

Rewriting modulo equational theories [H] can be defined by lifting the standard rewrite relation $\to_R$ on terms to the $E$-congruence classes induced by $=_E$. More precisely, the rewrite relation $\to_{R/E}$ for rewriting modulo $E$ is defined as $=_E \circ \to_R \circ =_E$. A computation in $\mathcal{R}$ using $\to_{R \cup \Delta, B}$ is a rewriting logic deduction, in which the equational simplification with $\Delta$ (i.e., applying the oriented equations in $\Delta$ to a term $t$ until a canonical form $t\downarrow_E$ is reached where no further equations can be applied) is intermixed with the rewriting computation with the rules of $R$, using an algorithm of matching modulo $B$ (*) in both cases. Formally, given a rewrite theory $\mathcal{R} = (\Sigma, E, R)$, where $E = \Delta \cup B$, a rewrite step modulo $E$ on a term $s_0$ by means of the rule $r : \lambda \to \rho \in R$ (in symbols, $s_0 \to^r_{R \cup \Delta, B} s_1$) can be implemented as follows: (i) apply (modulo $B$) the equations of $\Delta$ on $s_0$ to reach a canonical form ($s_0\downarrow_E$); (ii) rewrite (modulo $B$) ($s_0\downarrow_E$) to term $v$ by using $r \in R$; and (iii) apply (modulo $B$) the equations of $\Delta$ on $v$ again to reach a canonical form for $v$, $s_1 = v\downarrow_E$.

Since the equations of $\Delta$ are implicitly oriented (from left to right), the equational simplification can be seen as a sequence of (equational) rewrite steps ($\to_{\Delta/B}$). Therefore, a rewrite step modulo $E$ $s_0 \to^r_{R \cup \Delta, B} s_1$ can be expanded into a sequence of rewrite steps as follows:

[Display: a rewrite sequence annotated, from left to right, as equational simplification, rewrite step/s, equational simplification.]

Given a finite rewrite sequence $S = s_0 \to_{R \cup \Delta, B} s_1 \to_{R \cup \Delta, B} \ldots \to s_n$ in the rewrite theory $\mathcal{R}$, the execution trace of $S$ is the rewrite sequence $\mathcal{T}$ obtained by expanding all the rewrite steps $s_i \to_{R \cup \Delta, B} s_{i+1}$ of $S$ as is described above.

In this work, a rewrite theory $\mathcal{R} = (\Sigma, B \cup \Delta, R)$ is called elementary if $\mathcal{R}$ does not contain equational axioms ($B = \emptyset$) and both rules and equations are left-linear and not collapsing.

(*) A subterm of $t$ matches $l$ (modulo $B$) via the substitution $\sigma$ if $t =_B u$ and $u|_q = l\sigma$ for a position $q$ of $u$.
4 Labeling and Tracing in Term Rewrite Systems

Labeling an object allows us to distinguish it within a collection of identical objects. This is a useful means to keep track of a given object in a dynamic system. In the following, we introduce a rather intuitive example that allows us to illustrate how the labeling and tracing processes work.

Example 1. Let $r_1 : f(x) \to b$, and $r_2 : g(b) \to m(a)$ be two rewrite rules. Let $g(f(a))$ be an initial term. Then, by applying $r_1$ and $r_2$ we get the execution trace $\mathcal{T} = g(f(a)) \to^{r_1} g(b) \to^{r_2} m(a)$.

In term rewriting, we distinguish three kinds of labeling according to the information recorded by them in an execution trace.

(i) The Hyland-Wadsworth labeling [15,23] records the creation level of each symbol. Roughly speaking, from an initial (default) creation level, the accomplishment of a rewrite step increases by one the creation level of the affected symbols. For example, consider the execution trace $\mathcal{T}$ of Example 1 together with an initial level for all symbols. Then,

g"ifia'>))^g'{b')^m'{a') 

(ii) The Boudol-Khasidashvili labeling [7,16,17] records the history of the term in execution traces. The general idea is to record in the history the applied rule and the symbols of the redex pattern. This information is taken as the label for the head symbol of the contractum pattern. Consider again Example 1. First, the set of rules is labeled as follows:

: fix) ^ r2^,,, ■■ gib) ^ r2^(,, (a) 

Then, the labeling of the execution trace T is: 

5(/(a)) ^ 9i^ij(.)) 

Note that the initial term of this sequence is not labeled, i.e., the initial label 
is the identity. 

(iii) The Lévy labeling [18] records the history of each symbol in the term. Basically, this labeling combines the previous two labelings and attaches the history on every symbol of the contractum pattern. Let us show an example. As before, consider Example 1. The labeled rules are as follows:

and the labeled trace of T is: 

g{f{a))\gifia))\gif{a))'-'))^gifia))\rl ) ^ (r^ ) 

Note that due to the accumulation of labels, Lévy labels soon become neither readable nor legible. Note also that this labeling keeps the maximal information in a rewrite step.
In this work, we rely on Klop labeling [6], which is inspired by Lévy labeling. Roughly speaking, Klop labeling employs Greek letters and concatenation of Greek letters as labels. That is, given a rewrite step $t \to s$, the symbols of $t$ are decorated by using Greek letters as labels. Then, a new label $l$ is formed by concatenating the labels of the redex pattern. Finally, $l$ is attached to every symbol of the contractum pattern of $s$. A formal definition of this labeling adapted to deal with rewriting logic theories is given in Section 5.1.

Given a rewrite step $t \to s$, tracing allows one to establish a mapping among symbols of $t$ and symbols of $s$. Each symbol is mapped according to its location. For example, occurrences of symbols in the context of $t$, or in the computed substitution, are traced to the same occurrences in $s$. On the contrary, the mapping for the symbols in the redex and contractum patterns depends on the kind of tracing we adopt. Namely, in static tracing the symbols do not persist through the execution trace. On the other hand, in dynamic tracing the symbols of the redex pattern are mapped to all symbols of the contractum pattern. Let us illustrate this by means of an example.



Example 2. Consider the rewrite step $g(f(a)) \to^{r_1} g(b)$ in the trace $\mathcal{T}$ of Example 1. By considering the static tracing, the symbol $f$ within the term $g(f(a))$ does not leave a trace to the term $g(b)$ since $f$ belongs to the redex pattern of $r_1$. Contrarily, $f$ dynamically traces to $b$. Finally, in both cases the symbol $a$ is discarded without leaving a trace in the rewrite step.



As for the dynamic tracing relation, the symbols can be partitioned into needed and non-needed. A symbol is called needed if it leaves a trace in the considered rewrite sequence. For instance, in the previous example, $f$ is a needed symbol. Instead $a$, which belongs to substitution $\sigma = \{x/a\}$, is a non-needed symbol. Given an execution trace, the set of needed symbols in a term of the trace forms a prefix which is also called needed prefix.

Typically, tracing is implemented by means of labeling, i.e., the objects are labeled to be traced along the execution trace. For instance, let us consider Klop labeling for a rewrite step $t \to s$. A symbol in $t$ traces to a symbol in $s$, if and only if the label of the former is a sublabel of the label of the latter. Note that this tracing relation is independent of the chosen tracing, while it is strictly tied to the labeling strategy.

Labeling and tracing relations in term rewriting systems have been studied 
in [22]. In order to study the orthogonality of execution traces, [22] investigates 
the equivalence of labeling and tracing along with other characterizations such 
as permutation, standardization, and projection. As far as we know, the use of 
labeling and tracing for model checking and debugging purposes has not been 
previously discussed in the related literature. 
5 Backward Trace Slicing for Elementary Rewrite Theories

In this section, we formalize a backward trace slicing technique for elementary rewrite theories that is based on a term labeling procedure that is inspired by [6]. Since equations in $\Delta$ are treated as rewrite rules that are used to simplify terms, our formulation for the trace slicing technique is purely based on standard rewriting.

5.1 Labeling procedure for rewrite theories 

Let us define a labeling procedure for rules similar to [6] that allows us to trace symbols involved in a rewrite step. First, we provide the notion of labeling for terms, and then we show how it can be naturally lifted to rules and rewrite steps.

Consider a set $\mathcal{A}$ of atomic labels, which are denoted by Greek letters $\alpha, \beta, \ldots$. Composite labels (or simply labels) are defined as finite sets of elements of $\mathcal{A}$. By abuse, we write the label $\alpha\beta\gamma$ as a compact denotation for the set $\{\alpha, \beta, \gamma\}$.

A labeling for a term $t \in T_{\Sigma \cup \{\Box\}}(\mathcal{V})$ is a map $L$ that assigns a label to (the symbol occurring at) each position $w$ of $t$, provided that $root(t|_w) \neq \Box$. If $t$ is a term, then $t^L$ denotes the labeled version of $t$. Note that, in the case when $t$ is a context, occurrences of symbol $\Box$ appearing in the labeled version of $t$ are not labeled. The codomain of a labeling $L$ is denoted by $Cod(L) = \{l \mid (w \mapsto l) \in L\}$.

An initial labeling for the term $t$ is a labeling for $t$ that assigns distinct fresh atomic labels to each position of the term. For example, given $t = f(g(a, a), \Box)$, then $t^L = f^\alpha(g^\beta(a^\gamma, a^\delta), \Box)$ is the labeled version of $t$ via the initial labeling $L = \{\Lambda \mapsto \alpha, 1 \mapsto \beta, 1.1 \mapsto \gamma, 1.2 \mapsto \delta\}$. This notion extends to rules and rewrite steps in a natural way as shown below.

Labeling of Rules. The labeling of a rewriting rule is formalized as follows: 

Definition 1. (rule labeling) [6] Given a rule $r : \lambda \to \rho$, a labeling for $r$ is defined by means of the following procedure.

r1. The redex pattern $\lambda^\Box$ is labeled by means of an initial labeling $L$.

r2. A new label $l$ is formed by joining all the labels that occur in the labeled redex pattern $\lambda^\Box$ (say in alphabetical order) of the rule $r$. Label $l$ is then associated with each position $w$ of the contractum pattern $\rho^\Box$, provided that $root(\rho^\Box|_w) \neq \Box$.

The labeled version of $r$ w.r.t. $L_r$ is denoted by $r^{L_r}$. Note that the labeling procedure shown in Definition 1 does not assign labels to variables but only to the function symbols occurring in the rule.



8 M. Alpuente, D. Ballis, J. Espert, and D. Romero 



Labeling of Rewrite Steps. Before giving the definition of labeling for a 
rewrite step, we need to formalize the auxiliary notion of substitution labeling. 

Definition 2. (substitution labeling) Let $\sigma = \{x_1/t_1, \ldots, x_n/t_n\}$ be a substitution. A labeling $L_\sigma$ for the substitution $\sigma$ is defined by a set of initial labelings $L_\sigma = \{L_{x_1/t_1}, \ldots, L_{x_n/t_n}\}$ such that (i) for each binding $(x_i/t_i)$ in the substitution $\sigma$, $t_i$ is labeled using the corresponding initial labeling $L_{x_i/t_i}$, and (ii) the sets $Cod(L_{x_1/t_1}), \ldots, Cod(L_{x_n/t_n})$ are pairwise disjoint.

By using Definition 2, we can formulate a labeling procedure for rewrite steps as follows.

Definition 3. (rewrite step labeling) Let $r : \lambda \to \rho$ be a rule, and $\mu : t \to^r s$ be a rewrite step using $r$ such that $t = C[\lambda\sigma]_q$ and $s = C[\rho\sigma]_q$, for a context $C$ and position $q$. Let $\sigma = \{x_1/t_1, \ldots, x_n/t_n\}$. Let $L_r$ be a labeling for the rule $r$, $L_C$ be an initial labeling for the context $C$, and $L_\sigma = \{L_{x_1/t_1}, \ldots, L_{x_n/t_n}\}$ be a labeling for the substitution $\sigma$ such that the sets $Cod(L_C)$, $Cod(L_r)$, and $Cod(\sigma)$ are pairwise disjoint, where $Cod(\sigma) = \bigcup_{i=1}^{n} Cod(L_{x_i/t_i})$.

The rewrite step labeling $L_\mu$ for $\mu$ is defined by successively applying the following steps:

s1. First, positions of $t$ or $s$ that belong to the context $C$ are labeled by using the initial labeling $L_C$.

s2. Then positions of $t|_q$ (resp. $s|_q$) that correspond to the redex pattern (resp. contractum pattern) of the rule $r$ rooted at the position $q$ are labeled according to the labeling $L_r$.

s3. Finally, for each term $t_j$, $j = \{1, \ldots, n\}$, which has been introduced in $t$ or $s$ via the binding $x_j/t_j \in \sigma$, with $x_j \in \mathcal{V}ar(\lambda)$, $t_j$ is labeled using the corresponding labeling $L_{x_j/t_j} \in L_\sigma$.

The labeled version of a rewrite step $\mu$ w.r.t. $L_\mu$ is denoted by $\mu^{L_\mu}$. Let us illustrate these definitions by means of a rather intuitive example.

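Example 3. Consider the rule $r : f(g(x, y), a) \to d(s(y), y)$. The labeled version of rule $r$ using the initial labeling $L = \{\Lambda \mapsto \alpha, 1 \mapsto \beta, 2 \mapsto \gamma\}$ is as follows:

$f^\alpha(g^\beta(x,y), a^\gamma) \to d^{\alpha\beta\gamma}(s^{\alpha\beta\gamma}(y), y)$

Consider a rewrite step $\mu : C[\lambda\sigma] \to^r C[\rho\sigma]$ using $r$, where $C[\lambda\sigma] = d(f(g(a,h(b)),a),a)$, $C[\rho\sigma] = d(d(s(h(b)),h(b)),a)$, and $\sigma = \{x/a, y/h(b)\}$. Let $L_C = \{\Lambda \mapsto \delta, 2 \mapsto \epsilon\}$, $L_{x/a} = \{\Lambda \mapsto \zeta\}$, and $L_{y/h(b)} = \{\Lambda \mapsto \eta, 1 \mapsto \theta\}$ be the labelings for $C$ and the bindings in $\sigma$, respectively. Then, the corresponding labeled rewrite step $\mu^L$ is as follows:

$\mu^L : d^\delta(f^\alpha(g^\beta(a^\zeta, h^\eta(b^\theta)), a^\gamma), a^\epsilon) \to d^\delta(d^{\alpha\beta\gamma}(s^{\alpha\beta\gamma}(h^\eta(b^\theta)), h^\eta(b^\theta)), a^\epsilon)$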
5.2 Backward Tracing Relation

Given a rewrite step $\mu : t \to s$ and the labeling process defined in the previous section, the backward tracing relation computes the set of positions in $t$ that are origin for a position $w$ in $s$. Formally.

Definition 4. (origin positions) Let $\mu : t \to s$ be a rewrite step and $L$ be a labeling for $\mu$ where $L_t$ (resp. $L_s$) is the labeling of $t$ (resp. $s$). Given a position $w$ of $s$, the set of origin positions of $w$ in $t$ w.r.t. $\mu$ and $L$ (in symbols, $\lhd^L_\mu w$) is defined as follows:

$\lhd^L_\mu w = \{v \in \mathcal{P}os(t) \mid \exists p \in \mathcal{P}os(s),\ (v \mapsto l_v) \in L_t,\ (p \mapsto l_p) \in L_s \text{ s.t. } p \leq w \text{ and } l_v \subseteq l_p\}$

Note that Definition 4 considers all positions of $s$ in the path from its root to $w$ for computing the origin positions of $w$. Roughly speaking, a position $v$ in $t$ is an origin of $w$, if the label of the symbol that occurs in $t^L$ at position $v$ is contained in the label of a symbol that occurs in $s^L$ in the path from its root to the position $w$.

Example 4. Consider again the rewrite step $\mu^L : t^L \to s^L$ of Example 3, and let $w$ be the position 1.2 of $s^L$. The set of labeled symbols occurring in $s^L$ in the path from its root to position $w$ is the set $z = \{h^\eta, d^{\alpha\beta\gamma}, d^\delta\}$. Now, the labeled symbols occurring in $t^L$ whose label is contained in the label of one element of $z$ is the set $\{h^\eta, f^\alpha, g^\beta, a^\gamma, d^\delta\}$. By Definition 4, the set of origin positions of $w$ in $\mu^L$ is $\lhd^L_\mu w = \{1.1.2, 1, 1.1, 1.2, \Lambda\}$.

5.3 The Backward Trace Slicing Algorithm 

First, let us formalize the slicing criterion, which basically represents the information we want to trace back across the execution trace in order to find out the "origins" of the data we observe. Given a term $t$, we denote by $O_t$ the set of observed positions of $t$.

Definition 5. (slicing criterion) Given a rewrite theory $\mathcal{R} = (\Sigma, \Delta, R)$ and an execution trace $\mathcal{T} : s \to^* t$ in $\mathcal{R}$, a slicing criterion for $\mathcal{T}$ is any set $O_t$ of positions of the term $t$.

In the following, we show how backward trace slicing can be performed by exploiting the backward tracing relation that was introduced in Definition 4. Informally, given a slicing criterion $O_{t_n}$ for $\mathcal{T} : t_0 \to t_1 \to \ldots \to t_n$, at each rewrite step $t_{i-1} \to t_i$, $i = 1, \ldots, n$, our technique inductively computes the backward tracing relation between the relevant positions of $t_i$ and those in $t_{i-1}$. The algorithm proceeds backwards, from the final term $t_n$ to the initial term $t_0$, and recursively generates at step $i$ the corresponding set of relevant positions, $P_{t_{n-i}}$. Finally, by means of a removal function, a simplified trace is obtained where each $t_j$ is replaced by the corresponding term slice that contains only the relevant information w.r.t. $P_{t_j}$.

Definition 6. (sequence of relevant position sets) Let $\mathcal{R} = (\Sigma, \Delta, R)$ be a rewrite theory, and $\mathcal{T} : t_0 \to t_1 \ldots \to t_n$ be an execution trace in $\mathcal{R}$. Let $L_i$ be the labeling for the rewrite step $t_i \to t_{i+1}$ with $0 \leq i < n$. The sequence of relevant position sets in $\mathcal{T}$ w.r.t. the slicing criterion $O_{t_n}$ is defined as follows:



Now, it is straightforward to formalize a procedure that obtains a term slice from each term $t$ in $\mathcal{T}$ and the corresponding set of relevant positions of $t$. We introduce the fresh symbol $\bullet \notin \Sigma$ to replace any information in the term that is not relevant, hence does not affect the observed criterion.

Definition 7. (term slice) Let $t \in T_\Sigma$ be a term and $P$ be a set of positions of $t$. A term slice of $t$ with respect to $P$ is defined as follows:



In the following, we use the notation $t^\bullet$ to denote a term slice of the term $t$. Roughly speaking, the symbol $\bullet$ can be thought of as a variable, so that any term $t' \in T_\Sigma$ can be considered as a possible concretization of $t^\bullet$ if it is an "instance" of $[t^\bullet]$, where $[t^\bullet]$ is the term that is obtained by replacing all occurrences of $\bullet$ in $t^\bullet$ with fresh variables.

Definition 8. (term slice concretization) Given $t' \in T_\Sigma$ and a term slice $t^\bullet$, we define $t^\bullet \propto t'$ if $[t^\bullet]$ is (syntactically) more general than $t'$ (i.e., $[t^\bullet]\sigma = t'$, for some substitution $\sigma$). We also say that $t'$ is a concretization of $t^\bullet$.

Figure 1 illustrates the notions of term slice and term slice concretization for a given term $t$ w.r.t. the set of positions $\{1.1.2, 1.2\}$.

Let us define a sliced rewrite step between two term slices as follows. 

Definition 9. (sliced rewrite step) Let $\mathcal{R} = (\Sigma, \Delta, R)$ be a rewrite theory and $r$ a rule of $\mathcal{R}$. The term slice $s^\bullet$ rewrites to the term slice $t^\bullet$ via $r$ (in symbols, $s^\bullet \to^r t^\bullet$) if there exist two terms $s$ and $t$ such that $s^\bullet$ is a term slice of $s$, $t^\bullet$ is a term slice of $t$, and $s \to^r t$.

Finally, using Definition 9, backward trace slicing is formalized as follows.



$relevant\_positions(\mathcal{T}, O_{t_n}) = [P_0, \ldots, P_n]$

$slice(t, P) = sl\_rec(t, P, \Lambda)$, where

$sl\_rec(t, P, p) = f(sl\_rec(t_1, P, p.1), \ldots, sl\_rec(t_n, P, p.n))$ if $t = f(t_1, \ldots, t_n)$ and there exists $w$ s.t. $(p.w) \in P$; $\bullet$ otherwise.

[Figure 1 panels: a term $t$; the term slice $t^\bullet$ of $t$ w.r.t. $\{1.1.2, 1.2\}$; a concretization of $t^\bullet$.]

Fig. 1. A term slice and a possible concretization.



Definition 10. (backward trace slicing) Let $\mathcal{R} = (\Sigma, \Delta, R)$ be a rewrite theory, and $\mathcal{T} : t_0 \to t_1 \ldots \to t_n$ be an execution trace in $\mathcal{R}$. Let $O_{t_n}$ be a slicing criterion for $\mathcal{T}$, and let $[P_0, \ldots, P_n]$ be the sequence of the relevant position sets of $\mathcal{T}$ w.r.t. $O_{t_n}$. A trace slice $\mathcal{T}^\bullet$ of $\mathcal{T}$ w.r.t. $O_{t_n}$ is defined as the sliced rewrite sequence of term slices $t_i^\bullet = slice(t_i, P_i)$ which is obtained by gluing together the sliced rewrite steps in the set

$\mathcal{K}^\bullet = \{t_{k-1}^\bullet \to t_k^\bullet \mid 0 < k \leq n \wedge t_{k-1}^\bullet \neq t_k^\bullet\}$.

Note that in Definition 10, the sliced rewrite steps that do not affect the relevant positions (i.e., $t_{k-1}^\bullet \to t_k^\bullet$ with $t_{k-1}^\bullet = t_k^\bullet$) are discarded, which further reduces the size of the trace.
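
The labeling of Definition 3, the origin positions of Definition 4 and the term slice of Definition 7, run on the rewrite step of Examples 3 and 4. This is an added example, not code from the paper or its tool. It assumes a left-linear, non-collapsing rule (an elementary theory), represents terms as nested tuples and variables as strings, uses integers in place of Greek letters as atomic labels, and covers a single rewrite step; all function names are illustrative.

```python
import itertools

HOLE = "•"  # fresh symbol that replaces irrelevant subterms in a term slice


def positions(t, p=()):
    """Yield (position, subterm) pairs; positions are tuples, () is the root."""
    yield p, t
    if isinstance(t, tuple):
        for i, arg in enumerate(t[1:], start=1):
            yield from positions(arg, p + (i,))


def subterm(t, p):
    for i in p:
        t = t[i]
    return t


def replace(t, p, r):
    if not p:
        return r
    i = p[0]
    return t[:i] + (replace(t[i], p[1:], r),) + t[i + 1:]


def match(lhs, redex, p=(), out=None):
    """Match a left-linear lhs on a ground redex; map each variable to its position."""
    out = {} if out is None else out
    if isinstance(lhs, str):
        out[lhs] = p
    elif lhs[0] != redex[0] or len(lhs) != len(redex):
        raise ValueError("rule does not match at this position")
    else:
        for i in range(1, len(lhs)):
            match(lhs[i], redex[i], p + (i,), out)
    return out


def instantiate(u, sigma):
    if isinstance(u, str):
        return sigma[u]
    return (u[0],) + tuple(instantiate(a, sigma) for a in u[1:])


def labeled_step(lhs, rhs, t, q):
    """Rewrite t at q with lhs -> rhs; return (s, Lt, Ls) following Definition 3."""
    fresh = itertools.count()
    atom = lambda: frozenset([next(fresh)])
    redex = subterm(t, q)
    sigma = {x: subterm(redex, p) for x, p in match(lhs, redex).items()}
    s = replace(t, q, instantiate(rhs, sigma))
    Lt, Ls = {}, {}
    # s1: context positions share one initial labeling in t and in s
    for p, _ in positions(t):
        if p[:len(q)] != q:
            Lt[p] = Ls[p] = atom()
    # one initial labeling per binding x/t_x, with pairwise disjoint codomains
    L_sigma = {x: {r: atom() for r, _ in positions(tx)} for x, tx in sigma.items()}
    # s2: atomic labels on the redex pattern, their join on the contractum pattern
    join = frozenset()
    for p, u in positions(lhs):
        if isinstance(u, tuple):
            Lt[q + p] = atom()
            join |= Lt[q + p]
        else:  # s3: the term bound to this variable, as it occurs in t
            Lt.update({q + p + r: l for r, l in L_sigma[u].items()})
    for p, u in positions(rhs):
        if isinstance(u, tuple):
            Ls[q + p] = join
        else:  # s3: every copy of the bound term in s keeps the binding's labels
            Ls.update({q + p + r: l for r, l in L_sigma[u].items()})
    return s, Lt, Ls


def origins(Lt, Ls, w):
    """Definition 4: positions v of t whose label is contained in that of some p <= w in s."""
    path = [Ls[w[:k]] for k in range(len(w) + 1)]
    return {v for v, lv in Lt.items() if any(lv <= lp for lp in path)}


def slice_term(t, P, p=()):
    """Definition 7: keep the symbol at p only if p is a prefix of a position in P."""
    if not any(w[:len(p)] == p for w in P):
        return HOLE
    return (t[0],) + tuple(slice_term(a, P, p + (i,)) for i, a in enumerate(t[1:], 1))


def show(t):
    if isinstance(t, str):
        return t
    return t[0] + ("(" + ",".join(show(a) for a in t[1:]) + ")" if len(t) > 1 else "")


# Example 3 of the text: r : f(g(x,y),a) -> d(s(y),y), applied at position 1.
A, B = ("a",), ("b",)
LHS = ("f", ("g", "x", "y"), A)
RHS = ("d", ("s", "y"), "y")
T = ("d", ("f", ("g", A, ("h", B)), A), A)


def example_4():
    """Origins of position 1.2 of s (Example 4) and the slices of t and s."""
    s, Lt, Ls = labeled_step(LHS, RHS, T, (1,))
    P = origins(Lt, Ls, (1, 2))
    return P, show(slice_term(T, P)), show(slice_term(s, {(1, 2)}))


if __name__ == "__main__":
    print(example_4())
```

The positions returned for the criterion {1.2} are those of Example 4, with `()` standing for the root position; the two strings are the term slices of the step's source and target terms.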

A desirable property of a slicing technique is to ensure that, for any concretization of the term slice $t_0^\bullet$, the trace slice $\mathcal{T}^\bullet$ can be reproduced. This property ensures that the rules involved in $\mathcal{T}^\bullet$ can be applied again to every concrete trace $\mathcal{T}'$ that we can derive by instantiating all the variables in $[t_0^\bullet]$ with arbitrary terms.

Theorem 1. (soundness) Let $\mathcal{R}$ be an elementary rewrite theory. Let $\mathcal{T}$ be an execution trace in the rewrite theory $\mathcal{R}$, and let $O$ be a slicing criterion for $\mathcal{T}$. Let $\mathcal{T}^\bullet : t_0^\bullet \to^{r_1} t_1^\bullet \ldots \to^{r_n} t_n^\bullet$ be the corresponding trace slice w.r.t. $O$. Then, for any concretization $t'_0$ of $t_0^\bullet$, it holds that $\mathcal{T}' : t'_0 \to^{r_1} t'_1 \ldots \to^{r_n} t'_n$ is an execution trace in $\mathcal{R}$, and $t_i^\bullet \propto t'_i$, for $i = 1, \ldots, n$.

The proof of Theorem 1 relies on the fact that redex patterns are preserved by backward trace slicing. Therefore, for $i = 1, \ldots, n$, the rule $r_i$ can be applied to any concretization $t'_{i-1}$ of term $t_{i-1}^\bullet$ since the redex pattern of $r_i$ does appear in $t_{i-1}^\bullet$ and hence in $t'_{i-1}$. A detailed proof of Theorem 1 can be found in the Appendix.

Note that our basic framework enjoys neededness of the extracted information (in the sense of [H]), since the information captured by every sliced rewrite step in a trace slice is all and only the information that is needed to produce the data of interest in the reduced term.
6 Backward Trace Slicing for Extended Rewrite Theories

In this section, we consider an extension of our basic slicing methodology that allows us to deal with extended rewrite theories $\mathcal{R} = (\Sigma, E, R)$ where the equational theory $(\Sigma, E)$ may contain associativity and commutativity axioms, and $R$ may contain collapsing as well as nonleft-linear rules. Moreover, we also consider the built-in operators, which are not equipped with an explicit functional definition (e.g., Maude arithmetical operators). It is worth noting that all the proposed extensions are restricted to the labeling procedure of Section 5.1, keeping the backbone of our slicing technique unchanged.

6.1 Dealing with collapsing and nonleft-linear rules 

Collapsing Rules. The main difficulty with collapsing rules is that they have a trivial contractum pattern, which consists in the empty context $\Box$; hence, it is not possible to propagate labels from the left-hand side of the rule to its right-hand side. This makes the rule labeling procedure of Definition 1 completely unproductive for trace slicing.

In order to overcome this problem, we keep track of the labels in the left-hand side of the collapsing rule $r$, whenever a rewrite step involving $r$ takes place. This amounts to extending the labeling procedure of Definition 3 as follows.

Definition 11. (rewrite step labeling for collapsing rules) Let $\mu : t \to^r s$ be a rewrite step s.t. $\sigma = \{x_1/t_1, \ldots, x_n/t_n\}$, where $r : \lambda \to x_i$ is a collapsing rule. Let $L_r$ be a labeling for the rule $r$. In order to label the step $\mu$, we extend the labeling procedure formalized in Definition 3 as follows:

s4. Let $t_i$ be the term introduced in $s$ via the binding $x_i/t_i \in \sigma$, for some $i \in \{1, \ldots, n\}$. Then, the label $l_i$ of the root symbol of $t_i$ in $s$ is replaced by a new composite label $l_c l_i$, where $l_c$ is formed by joining all the labels appearing in the redex pattern of $r^{L_r}$.

Nonleft-linear Rules. The trace slicing technique we described so far does not work for nonleft-linear TRS. Consider the rule $r : f(x, y, x) \to g(x, y)$ and the one-step trace $\mathcal{T} : f(a, b, a) \to g(a, b)$. If we are interested in tracing back the symbol $g$ that occurs in the final state $g(a, b)$, we would get the following trace slice $\mathcal{T}^\bullet : f(\bullet, \bullet, \bullet) \to g(\bullet, \bullet)$. However, $f(a, b, b)$ is a concretization of $f(\bullet, \bullet, \bullet)$ that cannot be rewritten by using $r$. In the following, we augment Definition 11 in order to also deal with nonleft-linear rules.

Definition 12. (rewrite step labeling for nonleft-linear rules) Let
$\mu : t \stackrel{r,\sigma}{\to} s$ be a rewrite step s.t.
$\sigma = \{x_1/t_1, \ldots, x_n/t_n\}$, where $r$ is a nonleft-linear rule.
Let $L_\sigma = \{L_{x_1/t_1}, \ldots, L_{x_n/t_n}\}$ be a labeling for the
substitution $\sigma$. In order to label the step $\mu$, we further extend the
labeling procedure formalized in Definition 11 as follows:

$S_5$. For each variable $x_j$ that occurs more than once in the left-hand
side of the rule $r$, the following steps must be followed:

• we form a new label $l_{x_j}$ by joining all the labels in
$Cod(L_{x_j/t})$ where $L_{x_j/t} \in L_\sigma$;

• let $l_s$ be the label of the root symbol of $s$. Then, $l_s$ is replaced
by a new composite label $l_{x_j} l_s$.

Note that, whenever a rewrite step $\mu$ involves the application of a rule
that is both collapsing and nonleft-linear, the labeling for $\mu$ is obtained
by sequentially applying step $S_4$ of Definition 11 and step $S_5$ of
Definition 12 (over the labeled rewrite step resulting from $S_4$).

Example 5. Consider the labeled, collapsing and nonleft-linear rule
$f^{\beta}(x, y, x) \to y$ together with the rewrite step
$\mu : h(f(a, b, a), b) \to h(b, b)$, and matching substitution
$\sigma = \{x/a, y/b\}$. Let
$L_{h(\Box, b)} = \{\Lambda \mapsto \alpha, 2 \mapsto \epsilon\}$ be the
labeling for the context $h(\Box, b)$. Then, for the labeling
$L_\sigma = \{L_{x/a}, L_{y/b}\}$, with $L_{x/a} = \{\Lambda \mapsto \gamma\}$
and $L_{y/b} = \{\Lambda \mapsto \delta\}$, the labeled version of $\mu$ is
$h^{\alpha}(f^{\beta}(a^{\gamma}, b^{\delta}, a^{\gamma}), b^{\epsilon}) \to h^{\alpha}(b^{\gamma\beta\delta}, b^{\epsilon})$.
Finally, by considering the criterion $\{1\}$, we can safely trace back the
symbol $b$ of the sliced final state $h(b, \bullet)$ and obtain the following
trace slice

$h(f(g(a), b, g(a)), \bullet) \to h(b, \bullet)$.
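The effect of steps S4 and S5 on a slice, as an added Python example that is not code from the paper or its Maude prototype: it labels one rewrite step, traces a criterion back, and returns the source and target slices with and without the two extensions. It assumes, as the soundness proofs use, that composite labels are sets of atomic labels, that each contractum symbol carries the join of the redex-pattern labels, and that a source position is an origin of w when its label is contained in a label on the path to w; all function names are hypothetical.

```python
from itertools import count

VARS = {"x", "y"}                        # rule variables of this constructed example

def term(sym, *kids):                    # unlabeled term or rule pattern
    return (sym, kids)

def label(t, fresh):
    """Give every symbol of an unlabeled term its own fresh atomic label."""
    sym, kids = t
    return (sym, frozenset([next(fresh)]), tuple(label(k, fresh) for k in kids))

def all_labels(lt):
    """Join of the labels of all symbols of a labeled term."""
    return lt[1].union(*(all_labels(k) for k in lt[2]))

def match(pat, t, sub):
    """Syntactic matching; a repeated variable must bind equal terms."""
    if pat in VARS:
        return sub.setdefault(pat, t) == t
    return (pat[0] == t[0] and len(pat[1]) == len(t[1])
            and all(match(p, k, sub) for p, k in zip(pat[1], t[1])))

def occurrences(pat, x):
    return int(pat == x) if pat in VARS else sum(occurrences(k, x) for k in pat[1])

def instantiate(pat, lsub, new_label):
    """Replace variables by their labeled bindings and label the pattern symbols."""
    if pat in VARS:
        return lsub[pat]
    return (pat[0], new_label(), tuple(instantiate(k, lsub, new_label) for k in pat[1]))

def label_step(lhs, rhs, src, pos, fresh, extended=True):
    """Labeled source and target of rewriting src at position pos with lhs -> rhs."""
    if pos:                              # context symbol: same label on both sides
        sym, kids = src
        lab, i = frozenset([next(fresh)]), pos[0] - 1
        left = tuple(label(k, fresh) for k in kids[:i])
        s, t = label_step(lhs, rhs, kids[i], pos[1:], fresh, extended)
        right = tuple(label(k, fresh) for k in kids[i + 1:])
        return (sym, lab, left + (s,) + right), (sym, lab, left + (t,) + right)
    sub = {}
    assert match(lhs, src, sub), "rule does not apply at this position"
    lsub = {x: label(t, fresh) for x, t in sub.items()}   # one labeling per binding
    redex_labels = []
    def fresh_redex_label():
        redex_labels.append(next(fresh))
        return frozenset(redex_labels[-1:])
    redex = instantiate(lhs, lsub, fresh_redex_label)
    l_c = frozenset(redex_labels)        # join of the redex-pattern labels
    sym, lab, kids = instantiate(rhs, lsub, lambda: l_c)
    if extended:
        if rhs in VARS:                  # S4: collapsing rule
            lab = l_c | lab
        for x in sub:                    # S5: variables repeated in the left-hand side
            if occurrences(lhs, x) > 1:
                lab = all_labels(lsub[x]) | lab
    return redex, (sym, lab, kids)

def positions(lt, pos=()):
    yield pos, lt[1]
    for i, k in enumerate(lt[2], 1):
        yield from positions(k, pos + (i,))

def origins(src, tgt, w):
    """Source positions whose label is contained in a label on the path to w."""
    path = [lab for p, lab in positions(tgt) if w[:len(p)] == p]
    return {v for v, lab in positions(src) if any(lab <= l for l in path)}

def slice_term(lt, P, pos=()):
    """Keep symbols on a path from the root to a position in P; abstract the rest."""
    if not any(p[:len(pos)] == pos for p in P):
        return "•"
    args = ",".join(slice_term(k, P, pos + (i,)) for i, k in enumerate(lt[2], 1))
    return f"{lt[0]}({args})" if lt[2] else lt[0]

def backward_slice(lhs, rhs, src, pos, criterion, extended=True):
    s, t = label_step(lhs, rhs, src, pos, count(), extended)
    P0 = set().union(*(origins(s, t, w) for w in criterion))
    return slice_term(s, P0), slice_term(t, criterion)

A, B = term("a"), term("b")
LHS = term("f", "x", "y", "x")           # nonleft-linear left-hand side
STEP5 = term("h", term("f", A, B, A), B) # source of the step h(f(a,b,a),b) -> h(b,b)

if __name__ == "__main__":
    for ext in (False, True):
        print(ext, backward_slice(LHS, term("g", "x", "y"), term("f", A, B, A), (), {()}, ext))
        print(ext, backward_slice(LHS, "y", STEP5, (1,), {(1,)}, ext))
```

Without S4 and S5 the source slices admit concretizations such as f(a,b,b) that the nonleft-linear rule cannot rewrite; with them, both bindings of x survive in the slice.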

6.2 Built-in Operators 

In practical implementations of RWL (e.g., Maude [10]), several commonly used 
operators are pre-defined (e.g., arithmetic operators, if-then-else constructs), 
which do not have an explicit specification. To overcome this limitation, we 
further extend our labeling process in order to deal with built-in operators. 

Definition 13. (rewrite step labeling for built-in operators) For the case of
a rewrite step $\mu : C[op(t_1, \ldots, t_n)] \to C[t']$ involving a call to a
built-in, $n$-ary operator $op$, we extend Definition 12 by introducing the
following additional case:

$S_6$. Given an initial labeling $L_{op}$ for the term
$op(t_1, \ldots, t_n)$,

• each symbol occurrence in $t'$ is labeled with a new label that is formed by
joining the labels of all the (labeled) arguments $t_1, \ldots, t_n$ of $op$;

• the remaining symbol occurrences of $C[t']$ that are not considered in the
previous step inherit all the labels appearing in $C[op(t_1, \ldots, t_n)]$.

For example, by applying Definition 13, the addition of two natural numbers
implemented through the built-in operator + might be labeled as

6.3 Associative-Commutative Axioms 

Let us finally consider an extended rewrite theory
$\mathcal{R} = (\Sigma, \Delta \cup B, R)$, where $B$ is a set of
associativity (A) and commutativity (C) axioms that hold for some function
symbols in $\Sigma$. Now, since $B$ only contains associativity/commutativity
(AC) axioms, terms can be represented by means of a single representative of
their AC congruence class, called AC canonical form [12]. This representative
is obtained by replacing nested occurrences of the same AC operator by a
flattened argument list under a variadic symbol, whose elements are sorted by
means of some linear ordering*. The inverse process to the flat transformation
is the unflat transformation, which is nondeterministic (in the sense that it
generates all the unflattened terms that are equivalent (modulo AC) to the
flattened term)†.

For example, consider a binary AC operator $f$ together with the standard
lexicographic ordering over symbols. Given the $B$-equivalence
$f(b, f(f(b, a), c)) =_B f(f(b, c), f(a, b))$, we can represent it by using
the "internal sequence"
$f(b, f(f(b, a), c)) \to^*_{flat_B} f(a, b, b, c) \to^*_{unflat_B} f(f(b, c), f(a, b))$,
where the first one corresponds to the flattening transformation sequence that
obtains the AC canonical form, while the second one corresponds to the
inverse, unflattening one.

The key idea for extending our labeling procedure in order to cope with
$B$-equivalence $=_B$ is to exploit the flat/unflat transformations mentioned
above. Without loss of generality, we assume that flat/unflat transformations
are stable w.r.t. the lexicographic ordering over positions $\sqsubseteq$‡.
This assumption allows us to trace back arguments of commutative operators,
since multiple occurrences of the same symbol can be precisely identified.

Definition 14. (AC Labeling.) Let $f$ be an associative-commutative operator
and $B$ be the AC axioms for $f$. Consider the $B$-equivalence $t_1 =_B t_2$
and the corresponding (internal) flat/unflat transformation
$T : t_1 \to^*_{flat_B} s \to^*_{unflat_B} t_2$. Let $L$ be an initial
labeling for $t_1$. The labeling procedure for $t_1 =_B t_2$ is as follows.

1. (flattening) For each flattening transformation step
$t_{|v} \to_{flat_B} t'_{|v}$ in $T$ for the symbol $f$, a new label $l_f$ is
formed by joining all the labels attached to the symbol $f$ in any position
$w$ of $t$ s.t. $w = v$ or $w > v$, and every symbol on the path from $v$ to
$w$ is $f$; then, label $l_f$ is attached to the root symbol of $t'_{|v}$.

2. (unflattening) For each unflattening transformation step
$t_{|v} \to_{unflat_B} t'_{|v}$ in $T$ for the symbol $f$, the label of the
symbol $f$ in the position $v$ of $t$ is attached to the symbol $f$ in any
position $w$ of $t'$ such that $w = v$ or $w > v$, and every symbol on the
path from $v$ to $w$ is $f$.

3. The remaining symbol occurrences in $t'$ that are not considered in cases
1 or 2 above inherit the label of the corresponding symbol occurrence in $t$.

* Specifically, Maude uses the lexicographic order of symbols.

† These two processes are typically hidden inside the $B$-matching algorithms
that are used to implement rewriting modulo $B$. See [10] (Section 4.8) for an
in-depth discussion on matching and simplification modulo AC in Maude.

‡ The lexicographic ordering $\sqsubseteq$ is defined as follows:
$\Lambda \sqsubseteq w$ for every position $w$, and given the positions
$w_1 = i.w'_1$ and $w_2 = j.w'_2$, $w_1 \sqsubseteq w_2$ iff $i < j$ or
($i = j$ and $w'_1 \sqsubseteq w'_2$). Obviously, in a practical
implementation of our technique, the considered ordering among the terms
should be chosen to agree with the ordering considered by flat/unflat
transformations in the RWL infrastructure.
Example 6. Consider the transformation sequence

$f(b, f(b, f(a, c))) \to^*_{flat_B} f(a, b, b, c) \to^*_{unflat_B} f(f(b, c), f(a, b))$

by using Definition 14, the associated transformation sequence can be labeled
as follows:

$f^{\alpha}(b^{\beta}, f^{\gamma}(b^{\delta}, f^{\epsilon}(a^{\zeta}, c^{\eta}))) \to^*_{flat_B} f^{\alpha\gamma\epsilon}(a^{\zeta}, b^{\beta}, b^{\delta}, c^{\eta}) \to^*_{unflat_B}$

$f^{\alpha\gamma\epsilon}(f^{\alpha\gamma\epsilon}(b^{\beta}, c^{\eta}), f^{\alpha\gamma\epsilon}(a^{\zeta}, b^{\delta}))$

Note that the original order between the two occurrences of the constant $b$
is not changed by the flat/unflat transformations. For example, in the first
term, $b^{\beta}$ is in position 1 and $b^{\delta}$ is in position 2.1 with
$1 \sqsubseteq 2.1$, whereas, in the last term, $b^{\beta}$ is in position 1.1
and $b^{\delta}$ is in position 2.2 with $1.1 \sqsubseteq 2.2$.
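The AC labeling of Definition 14, run on the transformation sequence of Example 6, as an added Python example that is not code from the paper or its Maude prototype. It assumes single-character atomic labels with constructed names, arguments of the AC operator that are identified by their root symbol, and a caller-supplied target shape that picks one of the nondeterministic unflattenings; the function names are hypothetical.

```python
def lt(sym, labels, *kids):
    """Labeled term: (symbol, set of atomic labels, arguments)."""
    return (sym, frozenset(labels), kids)

def u(sym, *kids):
    """Unlabeled term, used to describe the target shape of an unflattening."""
    return (sym, kids)

def flatten(t, op="f"):
    """Definition 14, step 1: flatten nested occurrences of the AC operator op."""
    sym, lab, kids = t
    if sym != op:
        return (sym, lab, tuple(flatten(k, op) for k in kids))
    joined, args = set(lab), []
    def collect(node):                   # left to right = lexicographic position order
        for k in node[2]:
            if k[0] == op:
                joined.update(k[1])      # join the labels of every absorbed op
                collect(k)
            else:
                args.append(flatten(k, op))   # step 3: arguments keep their labels
    collect(t)
    args.sort(key=lambda a: a[0])        # stable sort: equal symbols keep their order
    return (op, frozenset(joined), tuple(args))

def unflatten(flat, shape, op="f"):
    """Definition 14, step 2, for one chosen unflattened shape."""
    pool = {}
    for a in flat[2]:
        pool.setdefault(a[0], []).append(a)
    def build(s):
        sym, kids = s
        if sym == op:                    # every op of the result gets the flat label
            return (op, flat[1], tuple(build(k) for k in kids))
        return pool[sym].pop(0)          # first unused occurrence, in position order
    return build(shape)

def show(t):
    sym, lab, kids = t
    head = f"{sym}^{{{''.join(sorted(lab))}}}"
    return head + ("(" + ", ".join(show(k) for k in kids) + ")" if kids else "")

# First term of Example 6; the label names are constructed for this example.
T1 = lt("f", "α", lt("b", "β"),
        lt("f", "γ", lt("b", "δ"), lt("f", "ε", lt("a", "ζ"), lt("c", "η"))))
# Target shape f(f(b, c), f(a, b)) of the unflattening.
SHAPE = u("f", u("f", u("b"), u("c")), u("f", u("a"), u("b")))

if __name__ == "__main__":
    flat = flatten(T1)
    print(show(T1))
    print(show(flat))
    print(show(unflatten(flat, SHAPE)))
```

The two occurrences of b keep their relative order through both transformations, which is what lets a criterion on one of them be traced back to the right argument.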

Finally, note that the methodology described in this section can be easily 
extended to deal with other equational attributes, e.g., identity (U), by explicitly 
encoding the internal transformations performed via suitable rewrite rules. 

6.4 Extended Soundness 

Soundness of the backward trace slicing algorithm for the extended rewrite
theories is established by the following theorem which properly extends
Theorem 1. The proof of such an extension can be found in Appendix A.

Theorem 2. (extended soundness) Let $\mathcal{R} = (\Sigma, E, R)$ be an
extended rewrite theory. Let $\mathcal{T}$ be an execution trace in the
rewrite theory $\mathcal{R}$, and let $\mathcal{O}$ be a slicing criterion for
$\mathcal{T}$. Let
$\mathcal{T}^\bullet : t_0^\bullet \stackrel{r_1}{\to} t_1^\bullet \ldots \stackrel{r_n}{\to} t_n^\bullet$
be the corresponding trace slice w.r.t. $\mathcal{O}$. Then, for any
concretization $t'_0$ of $t_0^\bullet$, it holds that
$\mathcal{T}' : t'_0 \stackrel{r_1}{\to} t'_1 \ldots \stackrel{r_n}{\to} t'_n$
is an execution trace in $\mathcal{R}$, and $t_i^\bullet \propto t'_i$, for
$i = 1, \ldots, n$.

7 Experimental Evaluation 

We have developed a prototype implementation of our slicing methodology that
is publicly available at http://www.dsic.upv.es/~dromero/slicing.html.
The implementation is written in Maude and consists of approximately 800
lines of code. Maude is a high-performance, reflective language that supports
both equational and rewriting logic programming, which is particularly
suitable for developing domain-specific applications [13]. The reflection
capabilities of Maude allow metalevel computations in RWL to be handled at
the object-level. This facility allows us to easily manipulate computation
traces of Maude itself and eliminate the irrelevant contents by implementing
the backward slicing procedures that we have defined in this paper. Using
reflection to implement the slicing tool has one important additional
advantage, namely, the ability to quickly integrate the tool within the Maude
formal tool environment [11], which is also developed using reflection.
We developed the operator slice that implements the slicing process. This
operator is invoked as follows:

slice(⟨moduleName⟩, ⟨initialState⟩, ⟨endState⟩, ⟨criterion⟩)

where moduleName is the name of the Maude module that includes the rules
and the equations to be considered in the slicing process; initialState and
endState are the initial state and the final state, respectively, of the
execution trace; and criterion is the slicing criterion. The operator works as
follows. First, by considering the rules and equations in moduleName, the
instrumented execution trace stemming from the initial state that leads to the
final state is computed. Then, the slicing procedure is executed with the
instrumented computation trace and the slicing criterion as inputs. Finally, a
pair that contains the sliced trace and the original execution trace is
delivered as outcome of the process.

In order to evaluate the usefulness of our approach, we benchmarked our
prototype with several examples of Maude applications, namely: War of Souls
(WoS), a role-playing game that is modeled as a nontrivial producer/consumer
application; Fault-Tolerant Communication Protocol (FTCP), a Maude
specification that models a fault-tolerant, client-server communication
protocol; and Web-TLR, a software tool designed for model-checking real-size
Web applications (e.g., Web-mailers, Electronic forums), which is based on
rewriting logic.

We have tested our tool on some execution traces that were generated by the
Maude applications described above by imposing different slicing criteria. For
each application, we considered two execution traces that were sliced using two
different criteria. As for the WoS example, we have chosen criteria that allow
us to backtrace both the values produced and the entities in play — e.g., the
criterion WoS.T1.O2 isolates players' behaviors along the trace
$\mathcal{T}_1$. Execution traces in the FTCP example represent client-server
interactions. In this case, the chosen criteria aim at isolating a server and
a client in a scenario that involves multiple servers and clients
(FTCP.T2.O1), and tracking the response generated by a server according to a
given client request (FTCP.T1.O1). In the last example, we have used Web-TLR
to verify two LTL(R) properties of a Webmail application. The considered
execution traces are much bigger for this program, and correspond to the
counterexamples produced as outcome by the built-in model-checker of Web-TLR.
In this case, the chosen criteria allow us to monitor the messages exchanged
by the Web browsers and the Webmail server, as well as to focus our attention
on the data structures of the interacting entities (e.g., browser/server
sessions, server database).

Table 1 summarizes the results we achieved. For each criterion, Table 1 shows
the size of the original trace and of the computed trace slice, both measured
as the length of the corresponding string. The % reduction column shows the
percentage of reduction achieved. These results are very encouraging, and show
an impressive reduction rate (up to ~95%). Actually, sometimes the trace slices
are small enough to be easily inspected by the user, who can restrict her
attention to the part of the computation she wants to observe, getting rid of
those data that are useless or even noisy w.r.t. the considered slicing
criterion.
Example    Example      Original     Slicing          Sliced       %
           trace        trace size   criterion        trace size   reduction

WoS        WoS.T1       776          WoS.T1.O1        201          74.10%
                                     WoS.T1.O2        138          82.22%
           WoS.T2       997          WoS.T2.O1        404          58.48%
                                     WoS.T2.O2        174          82.55%

FTCP       FTCP.T1      2445         FTCP.T1.O1       895          63.39%
                                     FTCP.T1.O2       698          71.45%
           FTCP.T2      2369         FTCP.T2.O1       364          84.63%
                                     FTCP.T2.O2       707          70.16%

Web-TLR    Web-TLR.T1   31829        Web-TLR.T1.O1    1949         93.88%
                                     Web-TLR.T1.O2    1598         94.97%
           Web-TLR.T2   72098        Web-TLR.T2.O1    9090         87.39%
                                     Web-TLR.T2.O2    7119         90.13%

Table 1. Summary of the reductions achieved.



8 Conclusion and Related Work 

We have presented a backward trace-slicing technique for rewriting logic the- 
ories. The key idea consists in tracing back — through the rewrite sequence — 
all the relevant symbols of the final state that we are interested in. Preliminary 
experiments demonstrate that the system works very satisfactorily on our bench- 
marks — e.g., we obtained trace slices that achieved a reduction of up to almost 
95% in reasonable time (max. 0.5s on a Linux box equipped with an Intel Core 
2 Duo 2.26GHz and 4Gb of RAM memory). 

Tracing techniques have been extensively used in functional programming 
for implementing debugging tools [5]. For instance, Hat [5] is an interactive de- 
bugging system that enables exploring a computation backwards, starting from 
the program output or an error message (with which the computation aborted). 
Backward tracing in Hat is carried out by navigating a redex trail (that is, 
a graph-like data structure that records dependencies among function calls), 
whereas tracing in our approach does not require the construction of any auxil- 
iary data structure. 

Our backward tracing relation extends a previous tracing relation that was
formalized in [6] for orthogonal TRSs. In [6], a label is formed from atomic
labels by using the operations of sequence concatenation and underlining
(e.g., a, b, ab, abcd, are labels), which are used to keep track of the rule
application order. Collapsing rules are simply avoided by coding them away.
This is done by replacing each collapsing rule $\lambda \to x$ with the rule
$\lambda \to \varepsilon(x)$, where $\varepsilon$ is a unary dummy symbol.
Then, in order to lift the rewrite relation to terms containing $\varepsilon$
occurrences, infinitely many new extra-rules are added that are built by
saturating all left-hand sides with $\varepsilon(x)$. In contrast to [6], we
use a simpler notion of labeling, where composite labels are interpreted as
sets of atomic labels, and in the case of collapsing as well as nonleft-linear
rules we label the rewrite steps themselves so that we can deal with these
rules in an effective way.

The work that is most closely related to ours is [13], which formalizes a
notion of dynamic dependence among symbols by means of contexts and studies
its application to program slicing of TRSs that may include collapsing as well
as nonleft-linear rules. Both the creating and the created contexts associated
with a reduction (i.e., the minimal subcontext that is needed to match the
left-hand side of a rule and the minimal context that is "constructed" by the
right-hand side of the rule, respectively) are tracked. Intuitively, these
concepts are similar to our notions of redex and contractum patterns. The main
differences with respect to our work are as follows. First, in [14] the
slicing is given as a context, while we consider term slices. Second, the
slice is obtained only on the first term of the sequence by the transitive and
reflexive closure of the dependence relation, while we slice the whole
execution trace, step by step. Obviously, their notion of slice is smaller,
but we think that our approach can be more useful for trace analysis and
program debugging. An extension of [6] is described in [22], which provides a
generic definition of labeling that works not only for orthogonal TRSs as is
the case of [6] but for the wider class of all left-linear TRSs. The
nonleft-linear case is not handled by [22]. Specifically, [22] describes a
methodology of static and dynamic tracing that is mainly based on the notion
of sample of a traced proof term — i.e., a pair $(\mu, P)$ that records a
rewrite step $\mu = s \to t$, and a set $P$ of reachable positions in $t$ from
a set of observed positions in $s$. The tracing proceeds forward, while ours
employs a backward strategy that is particularly convenient for error
diagnosis and program debugging. Finally, [14] and [22] apply to TRSs whereas
we deal with the richer framework of RWL that considers equations and
equational axioms, namely rewriting modulo equational theories.
A Proofs of Theorems 1 and 2

Proof of Theorem 1

We first demonstrate some auxiliary results which facilitate the proof of
Theorem 1. The following auxiliary result is straightforward.

Lemma 1. Let $t^\bullet$ be a term slice, and let $t'$ be a term such that
$t^\bullet \propto t'$. For every position $w \in \mathcal{P}os(t')$, it holds
that, either $root(t^\bullet_{|w}) = root(t'_{|w})$, or there exists a
position $u$ of $t^\bullet$ such that $u \leq w$ and
$root(t^\bullet_{|u}) = \bullet$.

Proof. Immediate by Definition |H1 □ 

The following definitions are auxiliary. Let $C$ be a context. We define the
set of positions of $C$ as the set
$\mathcal{P}os(C) = \{v \mid root(C_{|v}) \neq \Box\}$. Given a term $t$, by
$path_w(t)$, we denote the set of symbols in $t$ that occur in the path from
its root to the position $w$ of $t$, e.g.,
$path_{(2.1)}(f(a, g(b), c)) = \{f, g, b\}$.

Definition 15. Let $r : \lambda \to \rho$ be a rule of $\mathcal{R}$. Let
$\mu : s \stackrel{r,\sigma}{\to} t$ be a rewrite step such that
$s = C[\lambda\sigma]$ and $t = C[\rho\sigma]$. Given a position $w$, we say
that $w$ is involved in $\mu$, if there exist $w'$ and $w''$ such that
$w = w'.w''$, $C_{|w'} = \Box$ and $w'' \in \mathcal{P}os(\rho\sigma)$.

The following lemma establishes that, if a relevant position is involved in a 
rewrite step, then the origin position relation preserves the redex pattern of the 
rule. 

Lemma 2. Let $r : \lambda \to \rho$ be a rule of an elementary rewrite theory
$\mathcal{R}$. Let $\mu : s \stackrel{r,\sigma}{\to} t$ be a rewrite step such
that $s = C[\lambda\sigma]$ and $t = C[\rho\sigma]$, where $\sigma$ is a
substitution and $C$ is a context. Let $L$ be a labeling for the rewrite step
$\mu$ and $w \in \mathcal{P}os(t)$.

1. if $w \in \mathcal{P}os(C)$, then
$\lhd^L_\mu w = \{v \in \mathcal{P}os(C) \mid w = v.v'\}$

2. if $w = w'.w''$, $C_{|w'} = \Box$ and $w'' \in \mathcal{P}os(\rho\sigma)$,
then
$\lhd^L_\mu w \supseteq \{w'.v' \in \mathcal{P}os(s) \mid v' \in \mathcal{P}os(\lambda)\}$

Proof. Given the rule $r : \lambda \to \rho$ and the labeling $L$ for the
rewrite step $\mu : s \stackrel{r,\sigma}{\to} t$, let us consider the labeled
rewrite step $\mu^L : s^L \stackrel{r,\sigma}{\to} t^L$. By Definition 3, we
can decompose the labeling $L$ into three labelings $L_C$, $L_r$, and
$L_\sigma$ that respectively label the context $C$, the redex and the
contractum patterns appearing in $\mu$, and the terms in $\mu$ introduced by
the substitution $\sigma$. In other words, we have

$s^L = C^{L_C}[\lambda^{L_r}\sigma^{L_\sigma}]$ and
$t^L = C^{L_C}[\rho^{L_r}\sigma^{L_\sigma}]$.

Let us prove the two claims independently.

Claim 1. We assume that $w \in \mathcal{P}os(t)$ and
$w \in \mathcal{P}os(C)$. Since the context $C$ has the same initial labeling
$C^{L_C}$ in both $s$ and $t$, and the sets $Cod(L_C)$, $Cod(L_r)$, and
$Cod(L_\sigma)$ are pairwise disjoint, the set of origin positions
$\lhd^L_\mu w$ in $s$ is the set of positions lying on the path from the root
position of $s$ to $w$. Hence,
$\lhd^L_\mu w = \{v \in \mathcal{P}os(C) \mid w = v.v'\}$.



22 M. Alpuente, D. Ballis, J. Espert, and D. Romero 



Claim 2. We assume that $w = w'.w''$, $C_{|w'} = \Box$, and
$w'' \in \mathcal{P}os(\rho\sigma)$. Then, since $r$ belongs to an elementary
rewrite theory $\mathcal{R}$, $r$ is non-collapsing. This implies that there
exists a labeled symbol $f^{l'} \in path_w(t^L)$ belonging to the contractum
pattern of the rule $r$. By Definition 1, for each labeled symbol in the redex
pattern of $r$, we have that $l \subseteq l'$. Now, since the redex pattern of
$r$ is embedded into $s$ and the contractum pattern of $r$ is embedded into
$t$, the inclusion
$\lhd^L_\mu w \supseteq \{v.v' \in \mathcal{P}os(s) \mid v' \in \mathcal{P}os(\lambda)\}$
trivially holds by Definition HI

□

The following lemma establishes that, given the rewrite step
$\mu : t_0 \stackrel{r}{\to} t_1$ and a term slice $t_0^\bullet$ of $t_0$, any
concretization of $t_0^\bullet$ is reduced by the rule $r$ to the
corresponding term slice concretization of $t_1$.

Lemma 3. Let $r : \lambda \to \rho$ be a rule of an elementary rewrite theory
$\mathcal{R}$. Let $\mu : t_0 \stackrel{r,\sigma}{\to} t_1$ be a rewrite step
such that $t_0 = C[\lambda\sigma]$ and $t_1 = C[\rho\sigma]$, where $\sigma$
is a substitution and $C$ is a context. Let $L$ be a labeling for the rewrite
step $\mu$, and $[P_0, P_1]$ be the sequence of the relevant position sets for
$\mu : t_0 \stackrel{r,\sigma}{\to} t_1$ w.r.t. the slicing criterion
$\mathcal{O}$. Let $t_0^\bullet = slice(t_0, P_0)$, and
$t_1^\bullet = slice(t_1, P_1)$.

1. if $P_1 \subseteq \mathcal{P}os(C)$ then $t_0^\bullet = t_1^\bullet$.

2. if $P_1 \cap \{w \mid w = v.v', C_{|v} = \Box, \text{ and } v' \in \mathcal{P}os(\rho\sigma)\} \neq \emptyset$,
then for any concretization $t'_0$ of $t_0^\bullet$, we have that
$t'_0 \stackrel{r}{\to} t'_1$ where $t_1^\bullet \propto t'_1$.

Proof. We prove the two claims separately.

Claim 1. Let $P_1 \subseteq \mathcal{P}os(C)$. Then, by Lemma 2 (Claim 1), for
any $w \in P_1$, $\lhd^L_\mu w = \{v \in \mathcal{P}os(C) \mid w = v.v'\}$.
Additionally, by Definition El $P_0 = \bigcup_{w \in P_1}(\lhd^L_\mu w)$, and
hence $P_0 = \bigcup_{w \in P_1}\{v \in \mathcal{P}os(C) \mid w = v.v'\}$.
Therefore, it holds that (i) $P_1 \subseteq P_0 \subseteq \mathcal{P}os(C)$,
and for any $v \in P_0 \setminus P_1$, there exists a position $v'$ such that
$w = v.v'$ for some $w \in P_1$; (ii) by Definition 7 the function
$slice(t, P)$ delivers a term slice $t^\bullet$ where all the symbols of $t$
that do not occur in the path connecting the root position of $t$ with some
position $w \in P$ are abstracted by the $\bullet$ symbol. Now, since
$t_0^\bullet = slice(t_0, P_0)$ and $t_1^\bullet = slice(t_1, P_1)$, by (i)
and (ii), we can conclude that $\lambda\sigma$ and $\rho\sigma$ are abstracted
by $\bullet$, and the context $C$ is abstracted by the term slice $C^\bullet$
in both $t_0$ and $t_1$. Hence,
$t_0^\bullet = C^\bullet[\bullet] = t_1^\bullet$.

Claim 2. We assume
$P_1 \cap \{w \mid w = v.v', C_{|v} = \Box, \text{ and } v' \in \mathcal{P}os(\rho\sigma)\} \neq \emptyset$.
Then, there exists a position $w \in P_1$ such that
$w \in \{w \mid w = v.v', C_{|v} = \Box, \text{ and } v' \in \mathcal{P}os(\rho)\}$.
By Lemma 2 (Claim 2), it follows that
$\lhd^L_\mu w \supseteq \{v.v' \in \mathcal{P}os(t_0) \mid v' \in \mathcal{P}os(\lambda)\}$.
By Definition [1 $P_0 = \bigcup_{w \in P_1}(\lhd^L_\mu w)$, and hence
$P_0 \supseteq \{v.v' \in \mathcal{P}os(t_0) \mid v' \in \mathcal{P}os(\lambda)\}$.
Now, by Definition 7 and the fact that
$P_0 \supseteq \{v.v' \in \mathcal{P}os(t_0) \mid v' \in \mathcal{P}os(\lambda)\}$,
the redex pattern of the rule $r$ is embedded into
$t_0^\bullet = slice(t_0, P_0)$. In other words,
$t_0^\bullet = C^\bullet[\lambda\sigma^\bullet]$, where $C^\bullet$ is a term
slice for the context $C$, and $\sigma^\bullet$ represents the term slices for
the terms introduced by the substitution $\sigma$. Thus, by Lemma 1 any
concretization of $t_0^\bullet$ has the form $t'_0 = C'[\lambda\sigma']$,
where $C^\bullet \propto C'$ and for each $x/t' \in \sigma'$, there exists
$x/t^\bullet \in \sigma^\bullet$ such that $t^\bullet \propto t'$. Note also
that $t'_0$ embeds the redex pattern $\lambda^\Box$ of $r$. Furthermore, since
$r$ belongs to the elementary rewrite theory $\mathcal{R}$, $r$ is
left-linear. Thus, the following rewrite step
$t'_0 \stackrel{r,\sigma'}{\to} t'_1$ can be executed for any substitution
$\sigma'$. The rewrite step $t'_0 \stackrel{r,\sigma'}{\to} t'_1$ can be
decomposed as follows:
$t'_0 = C'[\lambda\sigma'] \stackrel{r,\sigma'}{\to} C'[\rho\sigma']$, for some
context $C'$ and substitution $\sigma'$. Moreover, by definition of rewrite
step, $t'_1$ embeds the contractum pattern of $r$. Finally,
$t_1^\bullet = C^\bullet[\rho^\bullet\sigma^\bullet]$, and thus $t'_1$ is a
concretization of $t_1^\bullet$. □

The following proposition allows the soundness of our methodology to be 
proved for one-step traces on an elementary rewrite theory. 

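Proposition 1. Let $\mathcal{R}$ be an elementary rewrite theory. Let
$\mathcal{T}$ be an execution trace in $\mathcal{R}$, and let $\mathcal{O}$ be
a slicing criterion for $\mathcal{T}$. Let
$\mathcal{T}^\bullet : t_0^\bullet \stackrel{r_1}{\to} t_1^\bullet$ be the
trace slice w.r.t. $\mathcal{O}$ of $\mathcal{T}$. Then, for any
concretization $t'_0$ of $t_0^\bullet$, it holds that
$\mathcal{T}' : t'_0 \stackrel{r_1}{\to} t'_1$ is an execution trace in
$\mathcal{R}$ such that $t_1^\bullet \propto t'_1$.

Proof. Given the trace slice
$\mathcal{T}^\bullet : t_0^\bullet \stackrel{r_1}{\to} t_1^\bullet$ w.r.t.
$\mathcal{O}$ of $\mathcal{T}$, let $[P_0, P_1]$ be the sequence of the
relevant position sets of $\mathcal{T}$ w.r.t. $\mathcal{O}$. We have (i)
$t_0^\bullet = slice(s_0, P_0)$ and $t_1^\bullet = slice(s_1, P_1)$, where
$s_0 \stackrel{r_1}{\to} s_1$ is a rewrite step occurring in $\mathcal{T}$;
(ii) $t_0^\bullet \neq t_1^\bullet$. Let $r_1$ be the rule
$\lambda \to \rho$. The rewrite step $s_0 \stackrel{r_1}{\to} s_1$ can be
decomposed as follows:
$s_0 = C[\lambda\sigma] \stackrel{r_1}{\to} C[\rho\sigma] = s_1$, for some
context $C$ and substitution $\sigma$.

Since $\mathcal{R}$ is elementary and $t_0^\bullet \neq t_1^\bullet$, by
Claim 1 of Lemma 3, $P_1 \not\subseteq \mathcal{P}os(C)$. Hence, there exists
a position $w \in P_1$ such that $w = v.v'$ and
$v' \in \mathcal{P}os(\rho\sigma)$. Also, because $\mathcal{R}$ is elementary,
we can apply Claim 2 of Lemma 3 and for any concretization $t'_0$ of
$t_0^\bullet$, we get $t'_0 \stackrel{r_1}{\to} t'_1$ such that $t'_1$ is a
concretization of $t_1^\bullet$. □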

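Theorem 1. (soundness) Let $\mathcal{R}$ be an elementary rewrite theory. Let
$\mathcal{T}$ be an execution trace in $\mathcal{R}$ and let $\mathcal{O}$ be
a slicing criterion for $\mathcal{T}$. Let
$\mathcal{T}^\bullet : t_0^\bullet \stackrel{r_1}{\to} t_1^\bullet \ldots \stackrel{r_n}{\to} t_n^\bullet$
be the corresponding trace slice w.r.t. $\mathcal{O}$. Then, for any
concretization $t'_0$ of $t_0^\bullet$, it holds that
$\mathcal{T}' : t'_0 \stackrel{r_1}{\to} t'_1 \ldots \stackrel{r_n}{\to} t'_n$
is an execution trace in $\mathcal{R}$, and $t_i^\bullet \propto t'_i$, for
$i = 1, \ldots, n$.

Proof. The proof proceeds by induction on the length of the trace slice
$\mathcal{T}^\bullet$ and exploits Proposition 1 to prove the inductive case.
Routine. □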

Proof of Theorem 2 

In order to prove Theorem 2, we use the same proof scheme as for elementary
rewrite theories, since the extended technique described in Section 6 is only
concerned with suitable extensions of the labeling procedure given in
Definition 3, which do not affect the overall backward trace slicing
methodology.

Let us start by proving an extension of Lemma 2 (Claim 2), which holds for
nonleft-linear as well as collapsing rules.

Lemma 4. Let $r : \lambda \to \rho$ be a rule that is either nonleft-linear or
collapsing. Let $\mu : s \stackrel{r,\sigma}{\to} t$ be a rewrite step such
that $s = C[\lambda\sigma]$ and $t = C[\rho\sigma]$, where $\sigma$ is a
substitution and $C$ is a context. Let $L$ be a labeling for the rewrite step
$\mu$, and $w \in \mathcal{P}os(t)$. Then,

1. if $w \in \mathcal{P}os(C)$, then
$\lhd^L_\mu w = \{v \in \mathcal{P}os(C) \mid w = v.v'\}$

2. if $w = w'.w''$, $C_{|w'} = \Box$ and $w'' \in \mathcal{P}os(\rho\sigma)$,
then
$\lhd^L_\mu w \supseteq \{w'.v' \in \mathcal{P}os(s) \mid v' \in \mathcal{P}os(\lambda)\}$

Proof. We prove the two claims separately.

Claim 1. The proof is identical to the proof of Claim 1 of Lemma 2.

Claim 2. To prove the lemma, we distinguish three cases.

Case 1: Rule $r$ is collapsing. Given the collapsing rule
$r = \lambda \to \rho$ where $\rho = x$ with $x \in Var(\lambda)$, let us
consider the term $t_i$ introduced by the substitution $\sigma$ via the
binding $x/t_i$, and we have
$\mu = C[\lambda\sigma] \stackrel{r}{\to} C[t_i]$. Let us also consider the
labeled rewrite step $\mu^L : s^L \stackrel{r,\sigma}{\to} t^L$ via the
labeling $L$. By Definition 3 we have
$s^L = C^{L_C}[\lambda^{L_r}\sigma^{L_\sigma}]$ and
$t^L = C^{L_C}[t_i^{L_\sigma}]$. Let $f^{l'}$ be the labeled root symbol of
$t_i^{L_\sigma}$. By Definition 11 (Step $S_4$), we have that
$l' = l_\lambda l_i$ where $l_\lambda$ is formed by joining all the labels
appearing in the redex pattern $\lambda^{L_r}$ and $l_i$ is the label of the
root of the labeled term $t_i^{L_\sigma}$. This implies that, for each labeled
symbol in the redex pattern of $r$, we have that $l \subseteq l'$.
Furthermore, by hypothesis, we have that $w \in C[t_i]$ and
$w'' \in \mathcal{P}os(t_i)$. Hence, by Definition SI the inclusion
$\lhd^L_\mu w \supseteq \{v.v' \in \mathcal{P}os(s) \mid v' \in \mathcal{P}os(\lambda)\}$
trivially holds.

Case 2: rule $r$ is nonleft-linear. Given the nonleft-linear rule $r$, the
proof is perfectly analogous to the proof of Lemma 2 since, by Definition 12
(Step $S_5$), the label of each symbol in the contractum pattern of the rule
$r$ includes all the labels appearing in the redex pattern of $r$.

Case 3: rule $r$ is collapsing and nonleft-linear. Since $r$ is both
collapsing and nonleft-linear, $\mu$ is labelled according to Definition 11
(Step $S_4$) and Definition 12 (Step $S_5$). Therefore, we can prove the claim
by simply combining the arguments used to prove Case 1 and Case 2.

□

The following Lemma extends Lemma 3 to deal with collapsing and
nonleft-linear rules.

Lemma 5. Let $r : \lambda \to \rho$ be a rule which is either left-linear or
collapsing. Let $\mu : t_0 \stackrel{r,\sigma}{\to} t_1$ be a rewrite step
such that $t_0 = C[\lambda\sigma]$ and $t_1 = C[\rho\sigma]$, where $\sigma$
is a substitution and $C$ is a context. Let $L$ be a labeling for the rewrite
step $\mu$, and $[P_0, P_1]$ be the sequence of the relevant position sets for
$\mu : t_0 \stackrel{r,\sigma}{\to} t_1$ w.r.t. the slicing criterion
$\mathcal{O}$. Let $t_0^\bullet = slice(t_0, P_0)$, and
$t_1^\bullet = slice(t_1, P_1)$. Then,

1. if $P_1 \subseteq \mathcal{P}os(C)$ then $t_0^\bullet = t_1^\bullet$.

2. if $P_1 \cap \{w \mid w = v.v', C_{|v} = \Box, \text{ and } v' \in \mathcal{P}os(\rho\sigma)\} \neq \emptyset$,
then for any concretization $t'_0$ of $t_0^\bullet$, we have that
$t'_0 \stackrel{r}{\to} t'_1$ where $t_1^\bullet \propto t'_1$.

Proof. We prove the two claims separately.

Claim 1. The proof is identical to the proof of Claim 1 of Lemma 3.

Claim 2. To prove the lemma, we distinguish three cases.

Case 1: rule $r$ is collapsing. Given the collapsing rule $r$, the proof is
perfectly analogous to the one of Lemma 3 Claim 2. By using Lemma 4 instead of
Lemma 2 we are still able to prove that the redex pattern of $r$ embedded in
$t_0$ is also embedded in $t_0^\bullet$, and hence for any concretization
$t'_0$ of $t_0^\bullet$, the rewrite step $t'_0 \stackrel{r}{\to} t'_1$ can be
proved. Finally, by using the same argument of Lemma 3 Claim 2, we conclude
that $t_1^\bullet \propto t'_1$.

Case 2: rule $r$ is nonleft-linear. Given the nonleft-linear rule $r$, the
proof is similar to the one of Lemma 3. By exploiting Lemma 4 and
Definition 12 (Step $S_5$), we can show that (i) the redex pattern of $r$
embedded in $t_0$ is also embedded in $t_0^\bullet$, and (ii) for each term
$t$ introduced in $t_0$ by a binding $x/t \in \sigma$ such that $x$ occurs
multiple times in $\lambda$, $t$ is preserved in $t_0^\bullet$ (i.e., $t$ is
not abstracted by $\bullet$ in $t_0^\bullet$). By (i) and (ii), it is
immediate to prove that, for any concretization $t'_0$ of $t_0^\bullet$, the
rewrite step $t'_0 \stackrel{r}{\to} t'_1$ can be proved. Finally, by using
the same argument of Lemma 3 Claim 2, we can show that
$t_1^\bullet \propto t'_1$.

Case 3: rule $r$ is collapsing and nonleft-linear. Firstly we observe that, as
the rule $r$ is collapsing, by Lemma 4 the redex pattern of $r$ embedded in
$t_0$ is also embedded in $t_0^\bullet$, and hence for any concretization
$t'_0$ of $t_0^\bullet$ the redex pattern of $r$ is embedded in $t'_0$ as
well. Secondly, since $r$ is nonleft-linear, by Lemma 3 and Definition 12
(Step $S_5$), for each term $t$ introduced in $t_0$ by a binding
$x/t \in \sigma$ such that $x$ occurs multiple times in $\lambda$, $t$ is
preserved in $t_0^\bullet$. Hence, $t$ is also embedded in $t'_0$, for any
concretization $t'_0$ of $t_0^\bullet$. From the two facts above, it directly
follows that for any $t'_0$ such that $t_0^\bullet \propto t'_0$, the rewrite
step $t'_0 \stackrel{r}{\to} t'_1$ can be proved. Finally, by using the same
argument of Lemma 3 Claim 2, we can show that $t_1^\bullet \propto t'_1$.

□

The following proposition allows us to prove the soundness of our methodol- 
ogy for one-step traces on an extended rewrite theory. 

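Proposition 2. Let $\mathcal{R}$ be an extended rewrite theory. Let
$\mathcal{T} : t_0 \stackrel{r_1}{\to} t_1$ be an execution trace in
$\mathcal{R}$, and let $\mathcal{O}$ be a slicing criterion for
$\mathcal{T}$. Let
$\mathcal{T}^\bullet : t_0^\bullet \stackrel{r_1}{\to} t_1^\bullet$ be the
trace slice w.r.t. $\mathcal{O}$ of $\mathcal{T}$. Then, for any
concretization $t'_0$ of $t_0^\bullet$, it holds that
$\mathcal{T}' : t'_0 \stackrel{r_1}{\to} t'_1$ is an execution trace in
$\mathcal{R}$ such that $t_1^\bullet \propto t'_1$.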

Proof. Consider the rewrite step $\mu : t_0 \stackrel{r_1}{\to} t_1$. In the
case when $r_1$ is left-linear and non-collapsing (i.e., a rule belonging to
an elementary rewrite theory), the proof is identical to the proof of
Proposition 1. Hence w.l.o.g. we assume that $r_1$ corresponds to a collapsing
or nonleft-linear rule, built-in operator evaluation, or AC axiom.

Nonleft-linear/collapsing rules. In this case, the proof of Proposition 2 is
analogous to the proof of Proposition 1 by using Lemma 5 in the place of
Lemma 3.

Built-in Operators. Let $t_0 = C[op(t_1, \ldots, t_m)]$ and $t_1 = C[t']$.
Hence, $\mu : C[op(t_1, \ldots, t_m)] \to C[t']$ is a rewrite step mimicking
the evaluation of the built-in operator call $op(t_1, \ldots, t_m)$. By
Definition 13 and Definition [H it is immediate to show that
$op(t_1, \ldots, t_m)$ is embedded in $t_0^\bullet$, and thus for any
concretization $t_0^\bullet \propto t'_0$, $t'_0 \to t'_1$ and
$t_1^\bullet \propto t'_1$.

Associative-Commutative Axioms. Flat/unflat transformations are interpreted as
rewrite steps that reduce AC symbols. Let us first consider the flat
transformation $t \to_{flat_B} t'$ that reduces the AC symbol $f$. By
Definition 14 the label of the occurrence of $f$ in $t'$ contains all the
labels of the different occurrences of $f$ appearing in $t$ that have been
reduced by the transformation. In other words, the label of $f$ in $t'$ keeps
track of all the occurrences of $f$ that have been reduced in $t$, and
therefore the claim holds directly. The claim for unflat transformations can
be proved in a similar way.

□

Finally, we exploit Proposition 2 in order to prove the extended soundness
of our methodology on extended rewrite theories.

Theorem 2. (extended soundness) Let $\mathcal{R} = (\Sigma, E, R)$ be an
extended rewrite theory. Let $\mathcal{T}$ be an execution trace in the
rewrite theory $\mathcal{R}$, and let $\mathcal{O}$ be a slicing criterion for
$\mathcal{T}$. Let
$\mathcal{T}^\bullet : t_0^\bullet \stackrel{r_1}{\to} t_1^\bullet \ldots \stackrel{r_n}{\to} t_n^\bullet$
be the corresponding trace slice w.r.t. $\mathcal{O}$. Then, for any
concretization $t'_0$ of $t_0^\bullet$, it holds that
$\mathcal{T}' : t'_0 \stackrel{r_1}{\to} t'_1 \ldots \stackrel{r_n}{\to} t'_n$
is an execution trace in $\mathcal{R}$ and $t_i^\bullet \propto t'_i$, for
$i = 1, \ldots, n$.

Proof. The proof proceeds by induction on the length of the trace slice
$\mathcal{T}^\bullet$ and exploits Proposition 2 in order to prove the
inductive case. Routine. □



